kernel -- TCP connection stall denial of service

Description:

Problem Description

Two problems have been discovered in the FreeBSD TCP stack.

First, when a TCP packet containing a timestamp is
received, inadequate checking of sequence numbers is
performed, allowing an attacker to artificially increase the
internal "recent" timestamp for a connection.

Second, a TCP packet with the SYN flag set is accepted for
established connections, allowing an attacker to overwrite
certain TCP options.

Impact

Using either of the two problems an attacker with knowledge
of the local and remote IP and port numbers associated with
a connection can cause a denial of service situation by
stalling the TCP connection. The stalled TCP connection may
be closed after some time by the other host.
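
The stall from the first problem can be seen in a small receiver-side model, added here as an example; it is not FreeBSD's code or the advisory's patch. The struct and function names and the sample values are constructed, and the stricter rule is an assumption modeled on the RFC 7323 condition that a timestamp is recorded only from a segment that starts at or before the last ACK sent, here also required to reach it.

```c
#include <stdbool.h>
#include <stdint.h>

/* Simplified receiver state (names are this example's, not FreeBSD's). */
struct conn {
    uint32_t last_ack_sent; /* highest ACK this host has sent */
    uint32_t ts_recent;     /* the "recent" timestamp used by PAWS */
};

struct seg { uint32_t seq, len, tsval; };

/* a <= b in 32-bit wrap-around (sequence/timestamp) space. */
static bool leq32(uint32_t a, uint32_t b) { return (int32_t)(a - b) <= 0; }

/* Loose rule: record any newer timestamp, whatever the sequence number. */
static void ts_update_loose(struct conn *c, const struct seg *s)
{
    if (leq32(c->ts_recent, s->tsval))
        c->ts_recent = s->tsval;
}

/* Stricter rule: record it only if the segment spans last_ack_sent. */
static void ts_update_strict(struct conn *c, const struct seg *s)
{
    if (leq32(c->ts_recent, s->tsval) &&
        leq32(s->seq, c->last_ack_sent) &&
        leq32(c->last_ack_sent, s->seq + s->len))
        c->ts_recent = s->tsval;
}

/* PAWS: a segment whose timestamp is older than ts_recent is rejected. */
static bool paws_accepts(const struct conn *c, const struct seg *s)
{
    return leq32(c->ts_recent, s->tsval);
}

/* Constructed scenario: an out-of-window segment with a far-future
 * timestamp arrives, then the real peer's next in-order segment.
 * Returns true if the peer's segment still passes PAWS. */
bool peer_survives(bool strict)
{
    struct conn c = { .last_ack_sent = 5000, .ts_recent = 100 };
    struct seg bogus = { .seq = 900000, .len = 10, .tsval = 100 + 0x40000000u };
    struct seg peer  = { .seq = 5000,   .len = 10, .tsval = 101 };

    if (strict) ts_update_strict(&c, &bogus);
    else        ts_update_loose(&c, &bogus);
    return paws_accepts(&c, &peer);
}
```

With the loose rule the peer's genuine segments keep failing the timestamp check until its clock passes the recorded value, which is the stall described above.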

Workaround

In some cases it may be possible to defend against these
attacks by blocking the attack packets using a firewall.
Packets used to effect either of these attacks would have
spoofed source IP addresses.

Affects:

FreeBSD >=5.4 <5.4_3

FreeBSD >=5.* <5.3_17

FreeBSD >=4.11 <4.11_11

FreeBSD <4.10_16

Disclaimer: The data contained on this page is derived from the VuXML document,
please refer to the original document for copyright information. The author of
portaudit makes no claim of authorship or ownership of any of the information contained herein.